Four Pillars: More musings on privacy; and why I’m confused

Have you ever had a McEnroe moment while reading something, a time when every nerve and sinew is yelling “You cannot be serious?“?

I used to feel that way when I read privacy-meets-security scaremongering; now I am so used to it I am more likely to laugh instead.

Take a look at this article in the latest New Scientist. Headlined Keep Out of MySpace, there’s nothing with the facts in the article, and a good deal of the analysis is sound, but how I wish the scaremongering would stop.

At least some of the quotes make me smile.Â “I am continually shocked and appalled at the details people voluntarily post online about themselves“. So says a chief security officer. What a surprise. “You should always assume anything you write online is stapled to your resume“. Same guy. Duh.

I must be stupid. Definitely Confused.

I think people post stories and notes and photographs and videos and comments on the web for a reason.

I think people post information on tastes and opinions and experiences on the web for a reason.

I think people post information on themselves and what makes them tick for a reason.

And funnily enough it’s the same reason.

They want other people to see the stuff. To read it, share it, comment on it, experience it, whatever.

If they wanted to prevent anyone from doing any of this they would not have posted or uploaded the stuff in the first place. If you want to keep something secret don’t tell anyone. As Kenny Dalglish famously said years ago.

There’s a huge difference between snooping and discovering. When someone looks through your dustbin and puts together a profile of your interests and weaknesses and things you didn’t mean to share with others, that’s invasion of privacy. When someone hacks into information you had reason to believe was private, that’s invasion of privacy. When someone collects information about what you do online without telling you what they’re doing, much less actually asking for your permission, that’s invasion of privacy. When someone finds things about you that you volunteered in the first place, and that you wanted others to find, that’s not invasion of privacy. That’s called success.

Of course it’s good to educate people as to what can be done with technology these days. To let people know how someone could build quite a detailed picture of who you are and what you do, just based on public domain information, including the stuff you volunteered. This we must do. Which is why articles like in the New Scientist can serve a purpose. But not by scaremongering.

I’ve heard people say that software akin to Riya is bad. If you speak to people who were desperately looking for loved ones in tragedies like 9/11 or Katrina or the tsunami or the earthquakes, they may give you a different answer. If you speak to people deeply interested in family tree research they may give you a different answer.

Social software has mushroomed because it allows people to share things. Not hide them.

The point is simple. Public information is not private information. Voluntarily publicised personal information is not private information. And there’s a lot of good we can do with the information.

It is wrong when the information was illegally obtained.

Today, even before the semantic web becomes everyday reality, even before things like Riya become mainstream, the ability to connect the dots is a privilege enjoyed by few. Governments and detective agencies and spies and terrorists and suchlike. This is wrong.

But rather than stop people publishing such stuff or scaring them, we need to educate people. Of the benefits as well as the risks. And we need to make access to the tools affordable and ubiquitous. In a weird kind of way akin to opensource and to encryption, all this sharing becomes more powerful when everyone has access. The problem with today is that very few haveaccess, that the information they use is illegally obtained, or at the very least by subterfuge and deceit. That’s what’s wrong.

We need to stop the scaremongering. Educate on the risks. Build for affordability and ubiquity.

Otherwise we will have unintended consequences. Nanny states and nanny vendors and nanny consultants telling us that they need to implement Machiavellian DRM and “security” “for our own good”. While they have the tools to get beyond the protection. And we don’t.

Let’s not have privacy concepts built around the yesterdays of the West, but the tomorrows of the World.

I am not advocating an absence of privacy, it is everyone’s right. There are many things that can and should remain private. What I am advocating is a constructive and holistic attitude to privacy, one that does not enforce the implementation of bad DRM and InfoSec in the name of privacy.

Otherwise we will have created a two-tier personal information universe with a powerful few having access to the connections. Now that’s Big Brother.

For those who are interested, I’ve provided links to two of the publications referenced in the article. The first is a report on Data Mining and Homeland Security, you can get to the Report via this article. The second is a paper that was presented at WWW2006, on Semantic Analytics of Social Networks.

Sure we’re going to learn more about who we are and what we do and who else feels that way; sure there’s a wealth of information just waiting to be found, patterns we can’t see today, relationships we don’t know about, interests we didn’t know we could have. It’s a voyage of discovery, one that must be available to all rather than a select few.